CVE-2020-7788

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions ini versions prior to 1.3.6

Description The issue is related to an uncontrolled modification of object prototype attributes in the ini library. This can be exploited by submitting a malicious INI file to an application that parses it with ini.parse, allowing an attacker to pollute the prototype on the application. The impact of this exploitation depends on the context.

Recommendations For versions prior to 1.3.6, update to version 1.3.6 or later to resolve the issue. As a temporary workaround, consider restricting the use of the ini.parse function until a patch is applied. Avoid using the ini.parse function to parse untrusted INI files.

Exploit

Fix

Prototype Pollution

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-1321

Related Identifiers

ALSA-2021:0548

ALSA-2021:0549

ALSA-2021:0551

ALSA-2021:5171

ALSA-2022:0350

ALSA-2022:6595

ALT-PU-2021-2408

ALT-PU-2022-3069

AZL-44679

AZL-45153

BDU:2021-02874

CESA-2021_0548

CESA-2021_0549

CESA-2021_0551

CESA-2021_5171

CESA-2022_0350

CVE-2020-7788

DLA-2503-1

GHSA-QQGX-2P2H-9C37

MGASA-2021-0068

OESA-2022-1769

RHSA-2021:0421

RHSA-2021:0485

RHSA-2021:0521

RHSA-2021:0548

RHSA-2021:0549

RHSA-2021:0551

RHSA-2021:3280

RHSA-2021:3281

RHSA-2021:5171

RHSA-2021_0548

RHSA-2021_0549

RHSA-2021_0551

RHSA-2021_5171

RHSA-2022:0246

RHSA-2022:0350

RHSA-2022:6595

RHSA-2022_0350

RHSA-2022_6595

RLSA-2021:0548

RLSA-2021:0549

RLSA-2021:0551

RLSA-2021:5171

RLSA-2022:0350

RLSA-2022:6595

SNYK-JS-INI-1048974

Affected Products

Alt Linux

Almalinux

Astra Linux

Centos

Red Hat

Rocky Linux

Ini

CVE-2020-7788

Weakness Enumeration

Related Identifiers

Affected Products

References · 145